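// Create STACKIT Secrets Manager Instance
resource "stackit_secretsmanager_instance" "secret_manager" {
  project_id = var.stackit_project_id
  name       = var.secret_manager_name
}

// Define STACKIT Secrets Manager User
//
// The username and password are generated by the provider and exported as
// attributes, so they are written to the Terraform state. State is not
// encrypted by Terraform itself: keep it in a backend with encryption at rest
// and tightly restricted read access.
//
// No explicit depends_on is needed: the instance_id reference below already
// orders this resource after the instance.
//
// NOTE(review): the vault provider below logs in as this user and then writes
// a secret, so var.secret_manager_user_write_enabled presumably has to be
// true for the apply to succeed. Confirm against the variable's default.
resource "stackit_secretsmanager_user" "secret_manager_user" {
  project_id    = var.stackit_project_id
  instance_id   = stackit_secretsmanager_instance.secret_manager.instance_id
  description   = var.secret_manager_user_desc
  write_enabled = var.secret_manager_user_write_enabled
}

// Configure Secret Manager Provider
//
// The login credentials come from a resource created in this same
// configuration, so they are unknown until that resource exists.
// NOTE(review): provider configuration that depends on not-yet-created
// resources can fail on a first plan/apply; if it does, create the instance
// and user in a separate step or a separate root module.
provider "vault" {
  address = "https://prod.sm.eu01.stackit.cloud"

  // Use the token returned by the userpass login directly instead of asking
  // Vault to mint a child token from it.
  skip_child_token = true

  auth_login_userpass {
    username = stackit_secretsmanager_user.secret_manager_user.username
    password = stackit_secretsmanager_user.secret_manager_user.password
  }
}

// Store Secret Manager Credentials in Secret Manager
//
// This writes the write-capable user's own username and password into the
// instance that those credentials unlock. Anyone who can read this path can
// therefore obtain the editor credentials, and the copy is of no use for
// recovering access if the instance itself is unreachable. The same values
// also appear in the Terraform state through data_json.
//
// The mount, username and password references already order this resource
// after the instance and the user, so no explicit depends_on is needed.
resource "vault_kv_secret_v2" "secret_manager_cred_save" {
  mount = stackit_secretsmanager_instance.secret_manager.instance_id
  name  = "secret-manager/users/editor"

  // NOTE(review): cas is the check-and-set version for the write. Confirm
  // that 1 is the intended value for the first write to a path that does not
  // exist yet.
  cas = 1

  // On destroy, remove every stored version of the secret rather than only
  // the latest one, so no old copy of the password is left behind. The
  // deleted versions cannot be restored afterwards.
  delete_all_versions = true

  data_json = jsonencode(
    {
      username = stackit_secretsmanager_user.secret_manager_user.username,
      password = stackit_secretsmanager_user.secret_manager_user.password
    }
  )
}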